path: root/ssl/statem
Commit log. Each entry: commit message title, then author, date, files changed, lines removed/added, then the commit message body.
* Move logic for figuring out the record version out of record layer
  Matt Caswell, 2022-09-23, 3 files, -11/+14

  This calculation is based on lots of information from state machine and elsewhere that the record layer cannot access. In reality it is sufficient to simply tell the record layer what version to use.

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19198)
* Correctly handle a retransmitted ClientHello
  Matt Caswell, 2022-09-22, 1 file, -10/+85

  If we receive a ClientHello and send back a HelloVerifyRequest, we need to be able to handle the scenario where the HelloVerifyRequest gets lost and we receive another ClientHello with the message sequence number set to 0.

  Fixes #18635

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18654)
* Use an enum for the return value from a construction function
  Matt Caswell, 2022-09-20, 7 files, -133/+162

  Construction return values are no longer boolean but can return 3 different values, so we use an enum to represent them.

  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18990)
* If a ticket key callback returns 0 in TLSv1.3 don't send a ticket
  Matt Caswell, 2022-09-20, 2 files, -22/+64

  If we can't construct the ticket don't send one. This requires a change to the TLS state machine to be able to handle a construction function deciding not to send a message after all.

  Fixes #18977

  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18990)
* stack.c: add missing direct error reporting and improve coding style
  Dr. David von Oheimb, 2022-09-16, 1 file, -1/+1

  Doing so, I had to fix sloppiness in using the stack API in crypto/conf/conf_def.c, ssl/ssl_ciph.c, ssl/statem/statem_srvr.c, and mostly in test/helpers/ssltestlib.c.

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  (Merged from https://github.com/openssl/openssl/pull/18918)
* ssl: modify libssl so that it uses OSSL_TIME
  Pauli, 2022-09-13, 4 files, -20/+23

  This is instead of time_t and struct timeval. Some public APIs mandate a presence of these two types, but they are converted to OSSL_TIME internally.

  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19082)
* Cleanup EBCDIC string definitions
  Todd Short, 2022-09-09, 2 files, -20/+10

  Use a single definition for protocol string definitions.

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19122)
* Coverity: misuses of time_t
  Pauli, 2022-08-19, 2 files, -13/+11

  Coverity 1508506: Fixes a bug in the cookie code which would have caused problems for ten minutes before and after the lower 32 bits of time_t rolled over.

  Coverity 1508534 & 1508540: Avoid problems when the lower 32 bits of time_t roll over by delaying the cast to integer until after the time delta has been computed.

  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/19004)
* Remove redefinition of SSL_AD_NO_ALERT
  Matt Caswell, 2022-08-18, 1 file, -1/+0

  The SSL_AD_NO_ALERT value was defined in two places. We centralise its definition.

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some redundant code
  Matt Caswell, 2022-08-18, 1 file, -1/+0

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18132)
* Move some fields out of the SSL object and into the record layer object
  Matt Caswell, 2022-08-18, 5 files, -17/+21

  Fields such as rrlmethod and rrl are entirely related to the record layer, and so should be in that object.

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some remaining SSL object references from DTLS record layer
  Matt Caswell, 2022-08-18, 1 file, -4/+6

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove reliance on the SSL object from the DTLS read record layer code
  Matt Caswell, 2022-08-18, 1 file, -2/+14

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18132)
* Move some DTLS read code into the read record layer
  Matt Caswell, 2022-08-18, 1 file, -1/+1

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some use of SSL object from record layer
  Matt Caswell, 2022-08-18, 2 files, -0/+3

  Remove SSL_IS_TLS13() and hello_retry_request.

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove unnecessary KTLS code from non-KTLS specific files
  Matt Caswell, 2022-08-18, 3 files, -15/+29

  This also moves other protocol specific code to the protocol specific files.

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18132)
* Convert ssl3_get_record to tls_read_record
  Matt Caswell, 2022-08-18, 1 file, -2/+1

  We move the old ssl3_get_record function to conform with the new record layer design.

  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18132)
* Check that IV length is not less than zero
  Dmitry Belyavskiy, 2022-08-01, 1 file, -0/+4

  As EVP_CIPHER_CTX_get_iv_length indicates failure with -1, this error should be processed. Also the result of this function shouldn't be assigned to an unsigned variable.

  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18891)
* SSL object refactoring using SSL_CONNECTION object
  Tomas Mraz, 2022-07-28, 11 files, -1079/+1393

  Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented a QUIC stream.

  It requires adding an if after every SSL_CONNECTION_FROM_SSL() call which itself has to be added to almost every public SSL_ API call.

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18612)
* Check for EVP_MD being NULL inside ssl.
  slontis, 2022-07-13, 2 files, -2/+8

  Fix multiple places that could potentially segfault if memory allocations fail. e.g. ssl_load_ciphers() could fail while calling ssl_evp_md_fetch().

  Found by #18355

  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Hugo Landau <hlandau@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/18784)
* Use safe pattern for buffer size determining in case of GOST key exchange
  Dmitry Belyavskiy, 2022-05-24, 1 file, -6/+8

  Related: CVE-2022-29242

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18381)
* Remove duplicated #include headers
  JHH20, 2022-05-04, 1 file, -1/+0

  CLA: trivial

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18220)
* Update copyright year
  Matt Caswell, 2022-05-03, 9 files, -9/+9

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Release: yes
* Fix an assertion in the DTLS server code
  Bernd Edlinger, 2022-04-14, 1 file, -3/+3

  This fixes an internal error alert from the server and an unexpected connection failure in the release version, but a failed assertion and a server crash in the debug version.

  Reproduce this issue with a DTLS server/client like that:

  ./openssl s_server -dtls -mtu 1500
  ./openssl s_client -dtls -maxfraglen 512

  In the debug version a crash happens in the Server now:

  ./openssl s_server -dtls -mtu 1500
  Using default temp DH parameters
  ACCEPT
  ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written
  Aborted (core dumped)

  While in the release version the handshake exceeds the negotiated max fragment size, and fails because of this:

  $ ./openssl s_server -dtls -mtu 1500
  Using default temp DH parameters
  ACCEPT
  ERROR
  4057152ADA7F0000:error:0A0000C2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826:
  shutting down SSL
  CONNECTION CLOSED

  From the client's point of view the connection fails with an Internal Error Alert:

  $ ./openssl s_client -dtls -maxfraglen 512
  Connecting to ::1
  CONNECTED(00000003)
  40B76343377F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80

  and now the connection attempt fails unexpectedly.

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/18093)
* tls_process_server_hello: Disallow repeated HRR
  Tomas Mraz, 2022-03-30, 1 file, -0/+4

  Repeated HRR must be rejected.

  Fixes #17934

  Reviewed-by: Todd Short <todd.short@me.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17936)
* ticket_lifetime_hint may exceed 1 week in TLSv1.3
  Todd Short, 2022-03-25, 1 file, -6/+15

  For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446.

  Fixes #17948

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17952)
* Replace handling of negative verification result with SSL_set_retry_verify()
  Tomas Mraz, 2022-03-14, 1 file, -3/+4

  Provide a different mechanism to indicate that the application wants to retry the verification. The negative result of the callback function now indicates an error again. Instead the SSL_set_retry_verify() can be called from the callback to indicate that the handshake should be suspended.

  Fixes #17568

  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17825)
* Add back check for the DH public key size
  Tomas Mraz, 2022-02-17, 2 files, -5/+5

  This is needed for TLS-1.3. Also add check for uncompressed point format for ECDHE as the other formats are not allowed by RFC 8446.

  Fixes #17667

  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17678)
* ssl: better support TSAN operations
  Pauli, 2022-01-19, 3 files, -10/+22

  For platforms that do not have native TSAN support, locking needs to be used instead. This adds the locking.

  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17489)
* ssl: replace ;; with ; as statement separator
  Pauli, 2022-01-18, 1 file, -1/+1

  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17528)
* Delete unused param about get_construct_message_f
  yangyangtiantianlonglong, 2022-01-09, 4 files, -6/+6

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17385)
* Fix: some patches related to error exiting
  Peiwei Hu, 2022-01-07, 1 file, -1/+1

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17417)
* fix the return check of EVP_PKEY_CTX_ctrl() in 5 spots
  xkernel, 2022-01-07, 2 files, -5/+5

  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17413)
* properly free the resource from CRYPTO_malloc
  xkernel, 2022-01-06, 1 file, -2/+2

  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17412)
* Fix typos
  Dimitris Apostolou, 2022-01-05, 1 file, -1/+1

  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17392)
* add OSSL_STACK_OF_X509_free() for commonly used pattern
  Dr. David von Oheimb, 2021-12-21, 2 files, -3/+3

  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17307)
* Fix invalid handling of verify errors in libssl
  Matt Caswell, 2021-12-14, 1 file, -1/+1

  In the event that X509_verify() returned an internal error result then libssl would mishandle this and set rwstate to SSL_RETRY_VERIFY. This subsequently causes SSL_get_error() to return SSL_ERROR_WANT_RETRY_VERIFY. That return code is supposed to only ever be returned if an application is using an app verify callback to completely replace the use of X509_verify(). Applications may not be written to expect that return code and could therefore crash (or misbehave in some other way) as a result.

  CVE-2021-4044

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
* No EtM for GOST ciphers in TLS 1.2
  Dmitry Belyavskiy, 2021-11-29, 1 file, -1/+5

  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/17150)
* Enable brainpool curves for TLS1.3
  Bernd Edlinger, 2021-11-26, 4 files, -8/+35

  See the recently assigned brainpool code points at:
  https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/7485)
* Fix a memory leak in tls_parse_stoc_key_share
  Bernd Edlinger, 2021-11-04, 1 file, -0/+1

  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16956)
* fix some code with obvious wrong coding style
  x2018, 2021-10-28, 3 files, -3/+3

  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16918)
* free the Post-Handshake Auth digest when there is an error saving the digest
  x2018, 2021-10-27, 1 file, -0/+2

  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16917)
* New extensions can be sent in a certificate request
  Matt Caswell, 2021-10-11, 1 file, -5/+6

  Normally we expect a client to send new extensions in the ClientHello, which may be echoed back by the server in subsequent messages. However the server can also send a new extension in the certificate request message to be echoed back in a certificate message.

  Fixes #16632

  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16634)
* ssl: Correct filename in README
  Tianjia Zhang, 2021-09-27, 1 file, -1/+1

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16671)
* Fix potential double-free
  Todd Short, 2021-08-16, 1 file, -1/+1

  The `sk` variable is assigned to `s->session->peer_chain`. If `ssl3_digest_cached_records()` were to fail, then `sk` would still be non-NULL, and subsequently freed on the error return. When the session is freed, it will then attempt to free `s->session->peer_chain`, resulting in a double-free (of `sk`).

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/16309)
* tls_process_{client,server}_certificate(): allow verify_callback return > 1
  Dr. David von Oheimb, 2021-07-21, 2 files, -8/+0

  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/13937)
* Avoid "excessive message size" for session tickets
  Matt Caswell, 2021-07-06, 2 files, -1/+4

  We received a report of an "excessive message size" for a received session ticket. Our maximum size was significantly less than the theoretical maximum. The server may put any data it likes in the session ticket including (for example) the full certificate chain so we should be able to handle longer tickets. Update the value to the maximum allowed by the spec.

  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15877)
* ssl: fix indentation
  Pauli, 2021-06-19, 1 file, -1/+1

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15824)
* ssl: replace tabs with spaces
  Pauli, 2021-06-19, 1 file, -1/+1

  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15824)
* Optimize session cache flushing
  Todd Short, 2021-06-10, 2 files, -7/+5

  Sort SSL_SESSION structures by timeout in the linked list.
  Iterate over the linked list for timeout, stopping when no more sessions can be flushed.
  Do SSL_SESSION_free() outside of SSL_CTX lock.
  Update timeout upon use.

  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/8687)